def _kdf_input_len_check(data_key_len, kdf_type, kdf_input_len): """Validates that data_key_len and kdf_input_len have the correct relationship. :param int data_key_len: Number of bytes in key :param kdf_type: KDF algorithm to use :param kdf_type: cryptography.io KDF object :param int kdf_input_len: Length of input data to feed into KDF function """ if kdf_type is None and data_key_len != kdf_input_len: raise InvalidAlgorithmError( 'Invalid Algorithm definition: data_key_len must equal kdf_input_len for non-KDF algorithms' ) elif data_key_len > kdf_input_len: raise InvalidAlgorithmError( 'Invalid Algorithm definition: data_key_len must not be greater than kdf_input_len' )
def valid_kdf(self, kdf): """Determine whether a KDFSuite can be used with this EncryptionSuite. :param kdf: KDFSuite to evaluate :type kdf: aws_encryption_sdk.identifiers.KDFSuite :rtype: bool """ if kdf.input_length is None: return True if self.data_key_length > kdf.input_length(self): raise InvalidAlgorithmError( "Invalid Algorithm definition: data_key_len must not be greater than kdf_input_len" ) return True